Cybersecurity is a Business Decision

Today, many companies struggle with their cybersecurity budget. Either not spending enough or spending too much, both issues result in unreliable cybersecurity.

Several CISOs have said that their cybersecurity budget comes from the ROI and contribution it adds to the business. Making sure the business is secure while creating growth and profit is what makes cybersecurity a business decision.

When cybersecurity spending is not calculated and not part of a solid business plan, many endpoint security issues arise. Businesses need to track the effectiveness of their cybersecurity to define the ROI and create a budget.

“More than one of every three enterprise devices had an Endpoint Protection (EP), client management or VPN application out of compliance, further exposing entire organizations to potential threats”.

Businesses must keep their devices up to compliance otherwise the risk of a breach is imminent. Especially as most workers are remote which makes network security much more difficult to maintain.

Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Contact us today!

Blackbaud Pays After Ransomware Attack

Blackbaud, one of the largest providers of fundraising technology to nonprofits, universities, and other charities was hacked. After a ransomware attack left important data encrypted, Blackbaud was forced to either pay the ransom or let the data be sold to other cybercriminals. Blackbaud paid in Bitcoin and received confirmation that the data was destroyed.

It is unknown how much was paid to the hackers, but the ransom was not paid until there was sufficient proof that the data was destroyed. Blackbaud officials say that credit card info, bank account info or social security numbers were not stolen. To ensure the privacy of its customers, the company hired outside-experts to monitor the internet and dark web. To make sure that no information was released or sold by the hackers.

Blackbaud is the target of millions of cyberattacks each month

The company follows the industry best practices and they conduct aggressive tests on the security of their systems and infrastructure. They are a part of many Cyber Security related organizations. Officials claim to have implemented additional security measures to prevent this from happening again.

This is the second time this year that a major provider for the nonprofit sector was hacked. Earlier this year MIP, a financial software company, was hacked and users were locked out for 3 weeks.

Protect your data

Ostra Cyber Security provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting as many antiviruses do. Ostra keeps everything up to date meaning the latest threats are already neutralized before they attack.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3jYC0eL

Twitters Biggest Threat: Its Own Employees

Twitter demonstrated an example of the biggest cybersecurity threat that companies cannot defend against. Their own employees.

When Twitter was breached mid-July, many highly followed blue checkmark accounts became pawns in a coordinated bitcoin scam. Some accounts included Joe Biden, Elon Musk, Jeff Bezos, even the Twitter Support account. It took twitter multiple hours to contain the breach, while the hackers received over $115,000 in bitcoin transfers.

Twitter tweeted, saying the breach was “a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools”. What that means is that the attack was not through malware or a technical problem, but an employee let it happen.

Humans are the biggest threat to cybersecurity

Twitter told a tech-focused news website that whoever was behind the breach had gained access from an employee. An employee who was paid and willingly gave the hackers access. Insider attacks like this are common, and a huge threat since humans are unpredictable compared to technology. You can apply updates and fix cybersecurity tech, but you cannot fix humans who would turn on their company for a handful of cash.

35% of attacks are insider attacks — SpectorSoft

Insider attacks occur more often when the economy and job market are in poor condition. A pandemic is a perfect time for hackers to target employees who need money.

Ostra protects against known and unknown threats even when they come from inside.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://nbcnews.to/2De2ubx

Garmin Hit by 4-Day Ransomware Attack

The navigation company became the victim of a ransomware attack on Thursday. The attack left many Garmin systems offline, including fitness apps, aircraft navigation systems, and customer service centers. Garmin factories had to close production lines, and planes that use Garmin navigation were grounded.

The attack completely crippled the navigation company. A cybersecurity company reported that Garmin’s IT department shut down all the company’s computers, including employee computers at home. Anything connected to the Garmin network, even by VPN, was cut off to stop the ransomware from spreading through the network.

10 Million dollar ransom

Garmin employees say that the attack was due to WastedLocker ransomware. The hackers encrypted a large number of company files, with a ransom note attached to each file. The ransom note has directions to email one of two email addresses to get a price for the encrypted data. Garmin has confirmed that the price was $10 Million for the decryption key.

The attack lasted 4 days, with Garmin systems becoming operational again on Monday (July 27th). Currently, it is not known whether Garmin paid the $10 Million, but the real price was paid in the number of lost profits from 4 days of operation.

Protect your business

Ostra eliminates the human errors that can lead to a ransomware attack by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help secure your network and keep your businesses private data out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3g7FdX3

Why One Data Breach Can Lead to More Cyber Attacks

Recently, cyberattacks have skyrocketed during the COVID-19 pandemic, which is a huge issue in the long run. Most businesses have become too used to these attacks, and usually, disregard the long-term effects that the breach has caused. Especially when gigabytes of personal customer information is stolen and posted on the dark web.

Personal Details Can Lead to Endless Threats

When a business becomes the victim of a data breach, usually they can pay the hackers and get the data back. But that is when the real threat starts. The business will do damage control and send out emails to their affected customers. The goal of the email is to establish a perception of safety and security. Even though the business has no idea who has access to their customers’ information.

The data that is lost in these incidents, like stolen personal data, lead to ransomware or “man-in-the-middle” breaches in the future.

“Ransomware exploits can arrive in email, text, messaging and social engineering. The success of these attacks counts on the appearance of legitimacy, which is why they often offer links, attachments, and messaging from familiar sources, sites, and people”.

The more personal information gathered from past breaches, the more likely they are to be the target of a social engineering attack. With loads of information, it’s easy for a hacker to pretend to be a close associate.

Data leaks that occur today may not even be harmful for years to come. As personal information is being sold, traded, and bought all over the dark web, long term security issues will emerge. Private information gathered throughout the next 5 years could help cyberattack hold an entire business network hostage.

Protect your customer information

To protect the organization, company IT security programs should be in the hands of professionally managed security teams or outsourced to managed security firms.

Ostra is the professionally managed security team for your business. Managing everything from desktops and laptops, to tablets and BYODs Ostra’s technology keeps everyone safe.

Want to find out more? Contact us today!

Outdated Budgets are a Threat to Business Cybersecurity

Its 2020 and business are operating online more than ever before. But many organizations are looking to decrease their overall spending as things move online. That is an issue for cybersecurity teams who are expected to keep the same security, now with more vulnerabilities, while on a lower budget.

Cybersecurity budgets are usually the first to get cut, even in a pandemic when phishing attacks have increased more than 600%. One of the biggest issues that companies are facing is the lack of funds for an up-to-date cybersecurity team/program.

“Cybersecurity budgets aren’t revised for current threatscapes. Even though many organizations are still in the midst of extensive digital transformation, their budgets often reflect the threatscape from years ago”.

When cybersecurity budgets aren’t updated, so are the old security systems and programs. Hackers can easily take advantage of a security system when they use tools that are more updated than the system they’re attacking.

Stay Updated

Ostra Cyber Security is your security team of experts. We manage and update the technology daily. Use your budget wisely and let the experts keep you safe.

Want to find out more? Visit our website or contact us today!

 

Hackers are Selling Your Data to the Highest Bidder

It is never a good situation when data is stolen by hackers. In the best-case scenario, the victim would pay the ransom and hope the hackers give back and delete the data. But that is not typically how it goes.

Usually, if the victim does not pay the ransom, the data is auctioned off on the dark web for the highest bidder. Sometimes even if the victim pays to get the data back, the hackers will still sell the data online.

How is the data auctioned off?

Researchers at a cybersecurity company have published a report that shares the details of these dark web data auctions. Once the data is put up for auction, anyone with dark web access can bid on it. No identity proof is required, only a simple CAPTCHA checkpoint. The highest bid must be paid in cryptocurrency, which is untraceable.

The company discovered many listings on the dark web. A simple 50 gigabytes of sensitive files and data from a U.S. law firm are sold for $30k. The most expensive found was a full library of trade secrets, patents, and executive-level communication history, all for the price of $1.2 Million.

“Email inboxes are still the most common starting point for ransomware attacks. Being able to identify a phishing message could keep your secrets from being spilled to the highest bidder”.

Cyberattacks are only increasing and victims are paying the ransoms. Cybercriminals have no reason to stop attacking, especially when they can make a fortune from one successful phishing email.

Protect your data

Ostra protects your company from all threats including the number one-way attacks can happen; email.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3jtMuTl

What a Cyber Attack on the Energy Sector Could Mean

Even though the energy sector faces the same threats as every other sector, an attack on the energy industry could cause the most damage. A cyber-attack targeting a major power grid could completely shut down an entire economy. The attack could be so widespread that it could knock out the power for many large cities, resulting in disastrous damages.

In 2016, a Russian hacking group is believed to have attacked the Ukraine power grid. Resulting in the loss of power in Ukraine for a long duration. This example is evidence that there are many cybercriminal organizations that have the power to take away energy for an entire population.

“If one country wants to inflict major damage on another, they don’t need to drop bombs. All they need to do is hack into their power grid.”

Just one successful phishing email or a hidden security issue and an entire power grid can be attacked. Even if your business is not an electric company with access to a power grid. You still have something that cybercriminals want access to, and they will try their best to get it.

Protect yourself with Ostra Cybersecurity

Ostra protects your company from all threats including the number one way that attacks can happen; email.

Want to find out more? Contract us today!

Over 100 Law Firms Report Data Breaches

There have been more than 100 law firms that have reported data breaches since 2014. Since about 20 states do not require that law firms report data breaches, that number is definitely higher.

Most of the reported breaches occurred through phishing attacks, with some through hacking or security lapses.

One big law firm reported that they received emails that were designed to appear like a legitimate request for W-2 forms. This attack led to many W-2 forms being sent to the unauthorized user behind the attack. Exposing Salaries, SSNs, and other personal information for 900 people.

While another law firm reported that a payroll employee responded to an email that claimed to be from a senior executive. The email exposed the private information of 1,500 people.

Protect your business

Ostra eliminates the human errors that can lead to stolen logins by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help you keep your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/30wzymN

Android Faces New Security Threat, Malware That Spreads Itself

Self-Spreading Android Malware

There is a new type of malware that has recently appeared on Android phones throughout the world. This malware can steal personal information, bank details, and can read your text messages. Once the phone is infected, it uses the user’s contact list to spread itself through text messaging.

FakeSpy Malware is linked to a Chinese-speaking cybercriminal group called ‘Roaming Mantis’. There have been other campaigns of this malware in the past. However, it is always evolving and is updated to stay undetected by updated security measures.

Recently Android users in the US, UK, Germany, China, and others have been under threat of this new malware. The attack starts through a phishing campaign, users receive a message related to a missed package from the post office. The link then leads them to download a fake app that appears to be the real post office app. Once the app is downloaded and users have granted minimal access, the data-stealing begins. Once the app is downloaded, the page even redirects to the actual website to appear more authentic.

Once the phone is infected, FakeSpy can steal all personal information on the phone, including all text messages sent & received. The malware spreads itself too, by using the stolen contact list, it sends the fake delivery message to all the user’s contacts.

Protect against phishing attacks

With phishing scams like this always being sent between phones, it is important to have cybersecurity that will protect your network and information immediately when faced with a threat. Your business and employees have a greater chance now than ever to be targeted for a phishing scam or worse.

Ostra Cyber Security provides active defense protection for your businesses’ and employees’ data and acts immediately instead of monitoring and alerting as many antiviruses do.

Want to find out more? Contact us today at protection@ostra.net

https://zd.net/32AhWci

Many High-Profile Twitter Accounts Simultaneously Hacked in Bitcoin Scam

Many popular twitter accounts have been hacked in a giant bitcoin scam. The accounts include Bill Gates, Joe Biden, Barack Obama, Warren Buffet, Bitcoin, Elon Musk, Jeff Bezos, Apple, Uber, Kanye West, and many more.

The twitter accounts seemed to all be simultaneously hacked, as the tweets were all identical and carried out at the same time. The tweets all had the same message, claiming to double any Bitcoin payment sent to them.

This is one of the largest coordinated attacks that Twitter has ever seen. How they did is unknown, but the scammers have managed to hack into all these accounts with ease. All with the goal to exploit possible bitcoin traders into sending them money.

The screenshot below is from Elon Musk’s twitter account. The identical message was shared multiple times on all the accounts mentioned above.

These are big names to have all their accounts hacked at the same time. The story is still developing and the details as to how the hackers gained access is still unknown.

If you think your personal accounts are safe, you will want to reconsider. The private twitter accounts of some of the worlds richest people have been hacked. Cyber-criminals are smart and always evolving, they will try to gain access to your confidential information. The odds of being hacked decrease dramatically if there is a security measure in place to catch social engineering attacks and possible mistakes.

Ostra Cyber Security uses tools that only Fortune 100 companies have access to, but Ostra delivers it at an affordable price. Ostra will help you keep you and your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

There are 15 Billion Stolen Logins on the Dark Web

A new report found the true number of stolen account logins that are currently circulating around the dark web. After auditing dark web forums and marketplaces for 18 months, the report found a 300% increase in the number of stolen account logins since 2018. Now there are 15 billion stolen usernames and passwords from over 100 thousand data breaches.

What happens to the account logins?

With 15 billion login credentials many are just given away for free, but more valuable ones can be worth a lot of money. The average price for online banking and other financial account logins is $70.91 each. Some banking accounts are reported to sell for upward of $500. Anti-virus and security program logins sell for an average price of $21.67. Many social media, music, and video streaming accounts sell for under $10 on the dark web.

The real money comes from domain administrator accounts that can give hackers access to the business network. These account logins sell in auction-style for cybercriminals who will pay up to $120,000. The price depends on the access privileges of the account. Account logins like these are stolen through phishing emails and other social engineering campaigns on employees.

Protect your employee’s logins

Protecting your passwords is extremely important. Especially since most compromised credentials belong to consumers. It is necessary to avoid re-using passwords and to use two-factor authentications if possible. One compromised employee login could lead to a lot of damage for your business.

Ostra Cyber Security eliminates the human errors that can lead to stolen logins by preventing the phishing emails, suspect inquiries, and social engineering campaigns from reaching employees. Ostra will help you keep your employee’s credentials out of the hands of cybercriminals.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/3ewbJAF

When It Comes To Cyber Training, It’s Quality Over Quantity

Conducting cyber security training more frequently than others does not mean less security incidents, according to a report by security software company, Tessian.

The percentage of employees who sent emails to the wrong people was highest in businesses that provide more frequent cyber training. 63% of employees that get training every 1-3 months remember sending emails to the wrong people. However just 43% of employees who get training once a year or less remember sending emails to the wrong person.

Quality over Quantity

This shows the importance of creating an effective and meaningful cyber security training for your employees. It is more effective to deliver quality training, that will change the behavior of the employees. Training needs to be engaging and meaningful, not boring and taught just because it needs to.

It is more important now than ever to deliver quality cyber training, as many employees are more vulnerable working remotely.

To protect against the inevitability of human error, an effective Cybersecurity Program is essential for businesses. Especially ones with remote workers operating on unsecured home networks.

The Ostra solution provides 360-degree 24/7 proactive protection to all employees, regardless of where they are located. What that means is that Ostra becomes a secure ISP for remote employees working on a home or public Wi-Fi connections. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data. Even if a mistake is made.

Want to find out more? Contact us today!

60% of Organizations Experience Cyberattacks Spread by Their Employees

With today’s huge increase in phishing attacks. Many organizations still do not provide regular cybersecurity awareness training, some don’t even have a security solution.

A new report from security vendor, Mimecast, highlights the current issues surrounding social engineering attacks. Many surprising statistics help to explain why phishing attacks are successful and how they affect the organizations. The lack of training, security programs, and an increase in remote work all play a role.

  • 51% of organizations have been impacted by ransomware in the last year
  • 58% saw an increase in phishing attacks
  • 82% have experienced downtime from an attack

These numbers show that many businesses are not prepared when it comes to cybersecurity. There has been an increase in phishing attacks, especially targeting remote workers who might be more vulnerable. Even though organizations know that the numbers are getting worse, statistics show that its their own employees that are responsible

  • 60% of organizations have had their own employees spread malicious emails
  • 55% do not provide regular security awareness training
  • 41% do not even have a system in place to monitor for phishing scams

Organizations need to take the security measures necessary to protect against phishing attacks. Which starts with a cyber security solution.

Ostra Cybersecurity has a solution that provides 24/7 proactive protection to all employees, regardless of where they are located. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data.

Want to find out more? Contact us today!

Number of Coronavirus-Related Scams Jump

The Internet Crime Complaint Center (IC3) has noted a large increase in cyber threat complaints per day. Before the COVID-19 pandemic began, they were receiving around 1,000 complaints daily. Now, they receive 4,000 complaints a day.

These cyber threats are foreign groups trying to steal COVID-19 related information. As well as cybercriminals trying to exploit users working from home. Health agencies have reported an increase in cyber threats as well, as they are a very profitable target for cyber criminals.

“Near the start of the epidemic, researchers at the cybersecurity company Barracuda Networks reported a 667 percent increase in “phishing” emails.”

These emails are sent with the purpose of downloading viruses onto the recipient’s computers. With the increase in reported phishing scams, it is important to understand and identify possible scams when going through your emails.

Protect your business and your employees

Numbers don’t lie, and the possibility of your business falling victim to a cyber attack has never been higher. Protecting your business and sensitive data is a priority in the era of cybercrime.

Ostra Cyber Security offers a total solution for cybersecurity that combines Fortune 100 tools and is easy to deploy without needing to purchase any hardware. Ostra Cyber Security is perfect for those who do not want to put a lot of time into their cybersecurity program. Just set it up and forget about it. It requires no IT support, it is budget friendly, and Ostra does all the work to stop threats before they reach you.

Want to find out more? Contact us today!

Hackers Selling Stolen Customer Information Online

Frost & Sullivan is a business consulting firm in Silicon Valley, who thought their private information was safe from the hands of hacking groups. Next thing they knew, all their sensitive employee and customer information was for sale, on the dark web.

Frost & Sullivan is a globally recognized consulting firm with offices all around the world. They offer information such as marketing research and analysis, among other things.

A hacking group known as “KelvinSecurity Team” managed to find a way into the Frost & Sullivan database by finding a vulnerability in the defense. The breach happened because of a mis-configured backup directory on the consulting firms cloud server. After finding a way to access the databases, the hacking group put the stolen data on an online hacker forum to sell.

The stolen data includes information on employee and customers, first and last names, emails and usernames, and passwords. In other words, a fortunes worth of information for a hacking group. Many hashed passwords can be easy for these groups to decipher. Giving whoever has the information access to the Frost & Sullivan’s database, as an employee.

The last thing you want is your company’s private information for sale on the dark web. Where many cybercriminals have access to it. It is important to have a security solution in place, as there are more cyberattacks then ever before.

Ostra Cyber Security offers a solution that uses the same security products that protect large businesses, for businesses of any size. Ostra’s solution has active defense that immediately responds to threats. It also provides insurance against human error or opening a phishing scam on accident.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

News source: https://bit.ly/2DiThyJ

Experts Say the Largest Cyberattack in History is Coming Soon

Experts are predicting the largest cyberattack ever in the next 6 months. Here’s Why.

When the coronavirus pandemic started, many people were only worried about how to keep working from home. Nobody was thinking about how businesses and their virtual security defenses were about to be exposed. Exposed to many more cyberthreats due to an increased “attack surface”.

 

Businesses are More Vulnerable Than Ever Before

Usually, if a company has their employees doing remote work, they provide them with a secure work laptop. The employees must go through many security measures to access their work material. Usually, a secure wi-fi connection is also required.

However, since the beginning of the pandemic, millions of Americans were forced to quickly switch to remote work. Without time to set up secure systems, many companies were left with only one option. Letting their employees work from their personal laptop, on their unsecured home network.

This is the perfect scenario for cybercriminals. All it takes is one entry point to take over the whole network. Every employee working from home, is one more entry point that cybercriminals can target. This creates a larger attack surface for every business with remote workers.

More remote workers than ever before mean that businesses are more vulnerable than ever before. Therefore, the possibility of a cyberattack bigger than ever seen before is dangerously high.

 

“Hackers broke into the networks of America’s largest defense contractor, Lockheed Martin, by targeting remote workers. If they can infiltrate this system, you best believe remote workers with little security are easy pickings.”

Smaller Attack Surface = Smaller Risk

How can businesses protect against the increased risk of a cyberattack during the pandemic? Decrease the attack surface.

Businesses with remote workers need to protect and secure the networks that their employees are using. It is important to decrease the number of entry points available. Ostra Cyber Security has a solution that will help decrease your attack surface.

The Ostra solution provides 360-degree 24/7 proactive protection to all employees, regardless of where they are located. What that means is that Ostra becomes a secure ISP for remote employees working on a home or public Wi-Fi connections. Ostra extends multiple layers of protection around the Internet Service Provider hardening the defenses and creating active barriers preventing criminals’ access to employee’s hardware and company data.

Want to find out more? Visit Ostra.net or contact us today at protection@ostra.net

https://bit.ly/2Ak2aqn

Ransomware is Getting Worse

Ransomware attacks are increasing, and not just for consumers.

Businesses have become a more valuable target for cybercriminals who are looking for a bigger payout. Cybersecurity experts say that ransomware attacks will only become a larger threat in the future.

As cybercriminal groups become more skilled in exploiting and bypassing network security defenses, they can start to target more sophisticated programs. By targeting more important businesses and their assets, like file servers, entire databases, and cloud services. These groups can demand a much higher ransom, with a much higher probability of being paid the ransom as well.

Recently a cybersecurity company has identified a cluster of attacks against multiple U.S. companies, including 8 Fortune 500 companies. These attacks were well planned out with the intent to deploy ransomware on the company networks. By using ransomware, the goal was to encrypt computer networks and servers, then demand a multi million-dollar ransom. The attackers were identified by the security company and disrupted before the companies had to pay millions, and lose valuable operating time.

Attacks like these are well coordinated and usually begin taking place weeks before anyone notices. 

“Cyber criminals often spend weeks poking around in a network before they make their attack, which means they have time to understand key digital assets, like the CEO’s emails for example, allowing them to put even more pressure on their victims”.

Protect yourself from Ransomware

It is more important today then ever before to keep your business protected from the high possibility of a ransomware attack. Especially as ransomware becomes more sophisticated. You could be caught having your data encrypted before even realizing it’s happening. 

Ostra Cybersecurity offers a Fortune 100 caliber solution, that is simple to deploy and use whether your business is 20 people or 2000. Ostra provides active defense protection for your businesses’ data and acts immediately instead of monitoring and alerting like many antiviruses do. 

Want to find out more? Contact us today!